Threat Encyclopedia

PHP/Rst.CO!tr.bdr

Analysis



PHP/Rst.CO!tr.bdr is a generic detection for a backdoor Trojan. Since this is a generic detection, this malware may have varying behaviour.
Below are some of the observed characteristics/behaviours:

  • This malware may be implanted in hijacked websites.

  • Once implanted, this malware may pose as a GIF image but contain embedded PHP that may have some or all of the following capabilities:
    • allow for file uploading
    • allow for command line executions
    • allow for database manipulation
    • reveal user info
    • involve password cracking techniques

  • Below is an illustration of this malware:

    • Figure 1: Malware.
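
A defender-side check for the disguise described above, as an added example (not Fortinet's detection logic): it flags files that begin with a GIF header yet contain a PHP open tag. The function names and sample byte strings are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Both GIF versions start with one of these six-byte signatures.
GIF_MAGIC = (b"GIF87a", b"GIF89a")
# Full PHP open tag only; short tags ("<?", "<?=") are left out because
# those byte pairs can occur by chance in compressed image data.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)

# Constructed sample: a valid 1x1 GIF with no PHP in it.
SAMPLE_CLEAN_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
    b"\x00\x02\x02D\x01\x00;"
)
# Constructed sample: GIF header followed by a harmless PHP statement.
SAMPLE_SUSPICIOUS = (
    b"GIF89a\x01\x00\x01\x00\x00\x00\x00"
    b"<?php echo 'constructed marker'; ?>"
)


def find_php_in_gif(data: bytes) -> list:
    """Return offsets of PHP open tags when data starts with a GIF header."""
    if not data.startswith(GIF_MAGIC):
        return []  # not presented as a GIF, so outside this check
    return [m.start() for m in PHP_TAG.finditer(data)]


def scan_tree(root) -> dict:
    """Map each flagged file under root to the offsets of its PHP tags."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        offsets = find_php_in_gif(path.read_bytes())
        if offsets:
            hits[str(path)] = offsets
    return hits


if __name__ == "__main__":
    # Usage: python scan_gif_php.py /path/to/webroot
    for name, offsets in scan_tree(sys.argv[1]).items():
        print(f"{name}: PHP open tag at byte offsets {offsets}")
```

A hit is a lead for manual review against a clean backup, not proof of this specific detection.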



Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
